Paul Squires on security and related topics

Main menu

Tag Archives: ID cards

This morning’s news sees a call from Lord Justice Sedley for all people in the UK including visitors to be required to submit DNA to the national database that is currently being populated. Sedley’s reasons for saying this are not primarily political, but more about fairness and removing the bias that exists in these systems, but regardless, I think this marks a dangerous move for the judiciary.

There are a number of potential problems with a DNA database, which will start to become more apparent as the number of records increases and technology moves on. A comment from Sedley demonstrates my biggest concern with any such database

It also means that a great many people who are walking the streets and whose DNA would show them guilty of crimes, go free

This displays the very real public opinion that DNA (along with fingerprints, for that matter) are infallible proof of guilt of a crime when, in fact, there can be errors made at any stage of the process. DNA gets around – look in my car, for example, there are DNA samples from me, my family, my colleagues, the guy who changed a tyre recently and probably many more. If my car becomes a crime scene just how many people will be under suspicion?

Taking this a step further, it’s already possible to plant DNA evidence (it’s easy enough to collect, as my car demonstrates) and at some point in the future will be a trivial task to synthesise it and no doubt to mask it as well. What needs to happen is that the police perform robust investigation, collecting real evidence and determining motive; DNA samples can never be anything other than circumstantial and should certainly not be used as prima facie evidence of guilt.

One of the biggest issues with any biometric identifier is that it is impossible to change – once my DNA (or my fingerprint) has been used for some nefarious purpose then I can never change – there could be someone who (within the bounds of scanning accuracy) is my genetic “twin” to whom I am permanently linked. Every crime he commits would result in my arrest! We’ve seen this situation with the no-fly lists using names (which admittedly are certainly not as unique as DNA).

As with many of these discussions, it’s not the database itself that’s the problem, but the purposes to which it can be put. Unfortunately no legal restraints can be put in place that will guarantee such a system will not be abused and therefore I have little choice but to criticise the initial implementation – as I’ve done already with other systems in our “database state”. I do have nothing to hide, but there is still plenty to fear from this.